Data Privacy 2022 – the new normal
28 January 2022
This time last year we asked 'How are you celebrating data privacy day?' and looked forward at what 2021 had in store. For the most part last year produced nothing unexpected from a data privacy perspective. The new standard contractual clauses were adopted, there were some fairly robust enforcement actions taken and the pandemic continued to throw up novel issues for businesses relating to health data, particularly where their employees were concerned.
So what does this year hold in terms of data privacy? Rather than simply saying "more of the same", we thought that we would share our Top 5 offshore predictions, which, understandably, have a somewhat pandemic flavour.
1. Greater individual control
Across the world, people have been isolating and working from home for what, in many cases, has been a protracted period. Whilst some of us may have enjoyed the experience and/or be looking forward to a more flexible working life, we have been on call 24/7 and the "out of office and unavailable" concept appears to have evaporated. Being disconnected has a real value; it means that we can focus on the things that are important to us for a period of time. So, in terms of the ultimate luxury, being offline and invisible might not be far off the mark.
If being offline is a deliberate choice in a connected world, invisibility is trickier to achieve. So we think that individuals will champion the idea that data protection commissioners have long promoted – guard your data jealously. No longer will they give their name or postcode to buy a bottle of perfume or a pair of shoes (or even tolerate being asked) but they might temporarily share their Covid status to gain access to a ferry.
2. Digital wallets
Cash is dead and cards seem to be being overtaken by phones as a means of making small payments. If ever there was any doubt, phones are now essential devices for many people, holding as they do 2 factor identification processes, government IDs, Covid passes, passwords and photographs (the list goes on).
Losing a phone can be life changing (particularly if it falls into the wrong hands as all the information necessary for someone to steal your identity is on it).
So with the theme of greater individual control comes the notion that we need to be more careful with what we store and where we store it. And as our phones are a critical part of that data infrastructure, now might be the time to start a conversation about digital decluttering…
3. How big a mountain? Time to get a grip…
The pandemic has caused employers and businesses to know more than they ever wanted about their customers and employees. For example, HR and management teams now have more data than they would ever have imagined about who has had Covid, when, where, what symptoms they had, how long were they off, where they caught it, and who else is in their household. All of this is sensitive, and yet is probably stored randomly in emails and documents held by disparate custodians, outside of any holistic data retention policy or management system.
As we get beyond simply managing the daily impact of the pandemic, it is probably time to reflect on what pandemic data we do hold, whether we need to hold it and whether we should actually just get rid of it.
4. Moral compasses
Discovery is an essential part of litigation in the offshore world so what is recorded in emails and documents matters.
Data protection officers (or people fulfilling similar functions) have to date been focussed on data, its storage, management, and use. Yet they have a bigger role to play; if data is critical in all types of claims, so too are data protection officers; by their actions they can help protect organisations from claims far beyond the usual boundaries of data protection. At its simplest they can advise what questions should or should not be asked (after all, they will have to store the responses).
Their role is going to expand to protect the organisation more widely and their expertise be deployed to avoid, for example, discrimination claims or allegations of bullying. It's time to promote them and to give them a bigger role as a moral compass at the heart of a business.
5. Cyber, cyber, cyber
Although we tried not to say "more of the same", cyber probably now fits with "death and taxes". Criminals are not going away and the threat from cybercrime is ever increasing. Whilst systems evolve, humans are probably still the weakest link in any security system, especially if a large number are working remotely. We all need to focus on this issue both for our personal protection and for that of our organisations.
Education and testing are the way forward but we should all demand more from law enforcement in terms of catching the perpetrators of this global industry.